Steffan wrote: > I wonder why you don't want to encrypt/sign in the MUA. It is more > flexible and, well, works most of the time.
Because users are incapable of getting it right, and the time they forget to encrypt the message may also be the time they send company B's confidential data to company A. At one point I was seeing ~10 messages per week which the users had forgotten to encrypt, and I saw 2 in 6 months go to the wrong company without encryption. I looked at this a long time ago, and got a system working which verified that messages to and from designated domains were encrypted. It was a bit messy, but it worked. It also ensured that the corporate key had been included in the encryption targets, so we could enforce use of this key for message recovery purposes. It did this by trying to decrypt any encrypted parts using the corporate key. Coincidentally, this also stopped employees using encryption to any domain except those we expressly permitted it to - otherwise our confidential data could walk out of the door, and we'd be none the wiser. The issue, as Steffan has already pointed out, is that you have to trust your mail server with the passphrase to your private key, or in our case, to the company's private key. In our circumstances, this was more acceptable than the breaches of security caused by incapable users, but you may not be able to make that argument. Best Wishes, Paul. _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
